The threat actors behind the Smominru crypto mining campaign had upped their game ever since their operation's efficiency was harmed when cybersecurity experts managed to sinkhole a significant fraction of the Smominru's network infrastructure. According to a recent analysis of computers infected by the Smominru crypto miner, it appears that the attackers have implemented several new features in their campaign:
- They now use the EternalBlue exploit to spread the Smominru payload to other vulnerable systems on the same domain.
- They use a modified version of Mimikatz to collect login credentials from compromised systems.
- Some of their payloads include a Remote Access Trojan (RAT) component.
Credentials to Company Networks Sold on the Dark Web
In addition to these changes, the threat actors behind the project also seem to be diversifying their revenue streams by selling access to compromised networks. The marketplace for this has been set up on the Dark Web, and the attackers appear to have different pricing schemes for the infected hosts. This will not only maximize their profits but may put their victims in even more danger since an attacker with ill intentions could easily purchase access to a particular company's network and plant additional malware.
Currently, the Smominru malware is believed to persist on over 500,000 systems, but this number might rapidly increase because of the malware's newly added self-propagation abilities. Cybersecurity experts have estimated that the threat actors behind the Smominru project may have netted a little bit more than $3,000,000 thanks to their Trojanized cryptocurrency mining operation, as well as thanks to the newly adopted strategy of selling system access on the Dark Web.
Smominru is Proof that Cryptocurrency Mining Campaigns will Continue to Evolve
Cybercriminals are evolving their strategies and improvising with new monetization techniques constantly. Even cryptocurrency miners are not that simple anymore, and the Smominru campaign serves as a good reminder of why cyber-threats should never be underestimated. Protecting your network should be your top priority – make sure to use an advanced anti-malware solution on all Internet-connected computers, and apply the latest operating system and software updates.
Use SpyHunter to Detect and Remove PC Threats
If you are concerned that malware or PC threats similar to Smominru may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.
Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.